The global IT outage triggered by a faulty CrowdStrike software update has created a perfect storm for cybercriminals to exploit. In the wake of this unprecedented disruption affecting Windows computers worldwide, threat actors are now launching phishing campaigns and distributing malware-laden links.

These malicious actors are preying on individuals and organizations desperate for information and solutions, tricking them into clicking on contaminated links under the guise of offering updates or fixes for CrowdStrike-related issues.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

AUTO PARTS GIANT EXPOSED: 2.3 MILLION CUSTOMERS AT RISK IN MASSIVE DATA BREACH

Massive outage touches every aspect of life

As airlines, banks, grocery stores, 911 emergency communications, medical centers and virtually every organization running Windows computers with CrowdStrike Falcon attempt to recover from what could be the most destructive tech tsunami, criminals are being observed attempting to offer fake help with a payload of trouble.

A person working on a Windows PC (Kurt “CyberGuy” Knutsson)

BEST ANTIVIRUS FOR PCS – CYBERGUY PICKS 2024

Homeland Security issues alert about threat actors after CrowdStrike Windows outage

The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency, known as CISA, is tracking this online criminal activity, which now poses a secondary threat to Americans. Here is the CISA statement:

“CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity. CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources. CISA recommends organizations to remind their employees to avoid clicking on phishing emails or suspicious links.”

The massive outages started at 1:20 a.m. ET Friday when CrowdStrike began rolling out a faulty update to its Falcon security product that protects Windows hosts. Screens around the world turned blue, freezing on a crippling message known as the “blue screen of death.”

RETAIL PRICES CAN JUMP IN SECONDS WITH HIGH-TECH STORE PRICE TAGS

A man working on a desktop Windows PC. (Kurt “CyberGuy” Knutsson)

How to protect against threat actors pretending to be CrowdStrike or Microsoft

• Avoid clicking links in any text or email related to the CrowdStrike or Windows disruption.
• Be ready to ride out digital storms like this one by getting your own life jacket in the form of strong anti-virus protection. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
• Only use official sources for resolving security incidents like this one.

CrowdStrike’s CEO George Kurtz addressed the global glitch it caused, and an updated statement puts it in perspective:

“We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.”

HOW TO GROUP TABS IN DIFFERENT BROWSERS TO STOP TAB OVERLOAD

How to recover from the ‘blue screen of death’ outage

CrowdStrike is actively working through its official channels to roll out a previous version of its Falcon software, but not before the disruptive damage was done worldwide. If you have a Windows PC or laptop experiencing trouble, there are alternative workarounds to help you fix it. The company offers the following additional steps that can be taken if your Windows computer is still having trouble.

Workaround steps for individual hosts:

• Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then:
• Boot Windows into Safe Mode or the Windows Recovery EnvironmentNote: Putting the host on a wired network (as opposed to Wi-Fi) and using Safe Mode with Networking can help remediation.
• Navigate to the %WINDIR%System32driversCrowdStrike directory
• Locate the file matching “C-00000291*.sys”, and delete it.
• Boot the host normally. 

Note: Bitlocker-encrypted hosts may require a recovery key.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

Kurt’s key takeaways

Cybercriminals are quick to take advantage of tech troubles like this massive Windows disruption caused by CrowdStrike. The lesson is to take privacy and security into your own hands by being as resilient as possible to attacks. I recommend running good antivirus protection on every device in you and your family’s lives. See the 2024 review of the Best AntiVirus Protection here for options.

What measures do you believe governments and tech companies should implement to prevent and mitigate the impact of such large-scale IT disruptions in the future? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com.  All rights reserved.

Meta is rolling out a revamped version of its Quest mobile app that links it more closely with its 3D social platform Horizon Worlds. The app, now called Meta Horizon, comes with a new tab that lets you complete quests from your phone and customize your avatar.

You can also use the app to explore and join new worlds, as well as connect with friends in Horizon Worlds, which launched on mobile and the web last September. Meta says the update won’t take away any features in the existing app, and you can still use it to set up your Quest headsets and browse the library of apps in the Meta Horizon Store.

Another small update coming to the Meta Horizon app is the addition of light mode, allowing you to easily swap between light and dark whenever you want. Meta also rolled out a new feed featuring content from creators in the mobile app earlier this month.

The update comes as Meta looks to expand Horizon Worlds and its handle on the VR industry. In April, Meta announced plans to license its headset operating system, called Horizon OS, to companies like Lenovo and Asus. It will also start featuring experimental App Lab titles more prominently in the Meta Horizon Store and is trying to make it easier for developers to bring their mobile games to Horizon OS.

Google is raising its minimum quality requirements for Android apps, and will soon remove those that don’t meet expectations from the Play Store. According to the company’s latest spam policy update, apps that demonstrate “limited functionality and content” — such as text only apps, single wallpaper apps, or those that are literally designed to do nothing at all — will no longer be permitted on the Play Store effective August 31st.

These join existing restrictions that barred broken apps that are not responsive, don’t install, crash, or otherwise function abnormally. Google says it’s added the additional requirements to “ensure apps can meet the uplifted standards for the Play catalog and engage users through quality functionality.”

Google has made previous efforts to better police the apps hosted on its Play Store. As noted by Android Authority, as many as 2.28 million apps were blocked from the service in 2023 for violating policies and putting user security at risk. Google also said it had banned 333,000 “bad” Google Play accounts that same year for repeated severe policy violations, and concerns surrounding fraud and malware.